If an attempt to populate &$sender_host_name$& has been made
(by reference, &%hosts_lookup%& or
otherwise) then this boolean will have been set true if, and only if, the
-resolver library states that the reverse DNS was authenticated data. At all
+resolver library states that both
+the reverse and forward DNS were authenticated data. At all
other times, this variable is false.
It is likely that you will need to coerce DNSSEC support on in the resolver
Exim does not perform DNSSEC validation itself, instead leaving that to a
validating resolver (eg, unbound, or bind with suitable configuration).
-Exim does not (currently) check to see if the forward DNS was also secured
-with DNSSEC, only the reverse DNS.
-
If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
mechanism in the list, then this variable will be false.
JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
+JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
+ when evaluating $sender_host_dnssec.
+
Exim version 4.85
-----------------
extern ip_address_item *host_build_ifacelist(const uschar *, uschar *);
extern void host_build_log_info(void);
extern void host_build_sender_fullhost(void);
-extern BOOL host_find_byname(host_item *, const uschar *, int, const uschar **, BOOL);
+extern BOOL host_find_byname(host_item *, const uschar *, int,
+ const uschar **, BOOL);
extern int host_find_bydns(host_item *, const uschar *, int, uschar *, uschar *,
uschar *, const dnssec_domains *, const uschar **, BOOL *);
extern ip_address_item *host_find_interfaces(void);
/* Do lookups directly in the DNS or via gethostbyaddr() (or equivalent), in
the order specified by the host_lookup_order option. */
-while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
- != NULL)
+while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
{
if (strcmpic(ordername, US"bydns") == 0)
{
int count = 0;
int old_pool = store_pool;
- /* Ideally we'd check DNSSEC both forward and reverse, but we use the
- gethost* routines for forward, so can't do that unless/until we rewrite. */
sender_host_dnssec = dns_is_secure(&dnsa);
DEBUG(D_dns)
debug_printf("Reverse DNS security status: %s\n",
"empty name: treated as non-existent host name\n");
continue;
}
- if (sender_host_name == NULL) sender_host_name = s;
- else *aptr++ = s;
+ if (!sender_host_name) sender_host_name = s;
+ else *aptr++ = s;
while (*s != 0) { *s = tolower(*s); s++; }
}
int rc;
BOOL ok = FALSE;
host_item h;
+ dnssec_domains d;
+
h.next = NULL;
h.name = hname;
h.mx = MX_NONE;
h.address = NULL;
+ d.request = sender_host_dnssec ? US"*" : NULL;;
+ d.require = NULL;
- /* When called with the last argument FALSE, host_find_byname() won't return
- HOST_FOUND_LOCAL. If the incoming address is an IPv4 address expressed in
- IPv6 format, we must compare the IPv4 part to any IPv4 addresses. */
-
- if ((rc = host_find_byname(&h, NULL, 0, NULL, FALSE)) == HOST_FOUND)
+ if ( (rc = host_find_bydns(&h, NULL, HOST_FIND_BY_A,
+ NULL, NULL, NULL, &d, NULL, NULL)) == HOST_FOUND
+ || rc == HOST_FOUND_LOCAL
+ )
{
host_item *hh;
HDEBUG(D_host_lookup) debug_printf("checking addresses for %s\n", hname);
+
+ /* If the forward lookup was not secure we cancel the is-secure variable */
+
+ DEBUG(D_dns) debug_printf("Forward DNS security status: %s\n",
+ h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
+ if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
+
for (hh = &h; hh != NULL; hh = hh->next)
- {
if (host_is_in_net(hh->address, sender_host_address, 0))
{
HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
break;
}
else
- {
HDEBUG(D_host_lookup) debug_printf(" %s\n", hh->address);
- }
- }
+
if (!ok) HDEBUG(D_host_lookup)
debug_printf("no IP address for %s matched %s\n", hname,
sender_host_address);
return DEFER;
}
else
- {
HDEBUG(D_host_lookup) debug_printf("no IP addresses found for %s\n", hname);
- }
/* If this name is no good, and it's the sender name, set it null pro tem;
if it's an alias, just remove it from the list. */
if (fully_qualified_name != NULL) *fully_qualified_name = host->name;
dns_init((whichrrs & HOST_FIND_QUALIFY_SINGLE) != 0,
(whichrrs & HOST_FIND_SEARCH_PARENTS) != 0,
- dnssec_request
- );
+ dnssec_request);
host_find_failed_syntax = FALSE;
/* First, if requested, look for SRV records. The service name is given; we
else
{
shost.name = string_copy(hostname);
- if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, NULL,
- FALSE) != HOST_FOUND)
+ if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE,
+ NULL, FALSE) != HOST_FOUND)
{
*errstr = string_sprintf("no IP address found for host %s", shost.name);
return -1;
host->address = host->name;
else
{
+/*XXX might want dnssec request/require on an iplookup router? */
int rc = host_find_byname(host, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, TRUE);
if (rc == HOST_FIND_FAILED || rc == HOST_FIND_AGAIN) continue;
}
if (helo_verified)
{
+ /*XXX have sender_host_dnssec */
HDEBUG(D_receive) debug_printf("matched host name\n");
}
else
{
helo_verified = strcmpic(*aliases++, sender_helo_name) == 0;
if (helo_verified) break;
+ /*XXX have sender_host_dnssec */
}
HDEBUG(D_receive)
{
h.next = NULL;
HDEBUG(D_receive) debug_printf("getting IP address for %s\n",
sender_helo_name);
+/*XXX would like to determine dnssec status here */
+/* need to change to bydns */
rc = host_find_byname(&h, NULL, 0, NULL, TRUE);
if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
{
h.address = NULL;
h.mx = MX_NONE;
+ /* Using byname rather than bydns here means we cannot determine dnssec
+ status. On the other hand it is unclear how that could be either
+ propagated up or enforced. */
+
rc = host_find_byname(&h, NULL, HOST_FIND_QUALIFY_SINGLE, NULL, FALSE);
if (rc == HOST_FOUND || rc == HOST_FOUND_LOCAL)
{
result: ----> No lookup yet: No
looking up host name for V4NET.0.0.1
IP address lookup yielded "ten-1.test.ex"
-using host_fake_gethostbyname for ten-1.test.ex (IPv4)
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
- name=ten-1.test.ex address=V4NET.0.0.1
+ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx
checking addresses for ten-1.test.ex
V4NET.0.0.1 OK
sender_fullhost = ten-1.test.ex [V4NET.0.0.1]
DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) using fakens
DNS lookup of 1.0.0.V4NET.in-addr.arpa (PTR) succeeded
IP address lookup yielded "ten-1.test.ex"
-using host_fake_gethostbyname for ten-1.test.ex (IPv4)
DNS lookup of ten-1.test.ex (A) using fakens
DNS lookup of ten-1.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
- name=ten-1.test.ex address=V4NET.0.0.1
+ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx
checking addresses for ten-1.test.ex
+Forward DNS security status: unverified
V4NET.0.0.1 OK
sender_fullhost = ten-1.test.ex [V4NET.0.0.1]
sender_rcvhost = ten-1.test.ex ([V4NET.0.0.1])
>>> host in host_lookup? yes (matched "10.250.104.0/21")
>>> looking up host name for 10.250.104.42
>>> IP address lookup yielded "manyhome.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=manyhome.test.ex address=10.250.104.0
->>> name=manyhome.test.ex address=10.250.104.1
->>> name=manyhome.test.ex address=10.250.104.2
->>> name=manyhome.test.ex address=10.250.104.3
->>> name=manyhome.test.ex address=10.250.104.4
->>> name=manyhome.test.ex address=10.250.104.5
->>> name=manyhome.test.ex address=10.250.104.6
->>> name=manyhome.test.ex address=10.250.104.7
->>> name=manyhome.test.ex address=10.250.104.8
->>> name=manyhome.test.ex address=10.250.104.9
->>> name=manyhome.test.ex address=10.250.104.10
->>> name=manyhome.test.ex address=10.250.104.11
->>> name=manyhome.test.ex address=10.250.104.12
->>> name=manyhome.test.ex address=10.250.104.13
->>> name=manyhome.test.ex address=10.250.104.14
->>> name=manyhome.test.ex address=10.250.104.15
->>> name=manyhome.test.ex address=10.250.104.16
->>> name=manyhome.test.ex address=10.250.104.17
->>> name=manyhome.test.ex address=10.250.104.18
->>> name=manyhome.test.ex address=10.250.104.19
->>> name=manyhome.test.ex address=10.250.104.20
->>> name=manyhome.test.ex address=10.250.104.21
->>> name=manyhome.test.ex address=10.250.104.22
->>> name=manyhome.test.ex address=10.250.104.23
->>> name=manyhome.test.ex address=10.250.104.24
->>> name=manyhome.test.ex address=10.250.104.25
->>> name=manyhome.test.ex address=10.250.104.26
->>> name=manyhome.test.ex address=10.250.104.27
->>> name=manyhome.test.ex address=10.250.104.28
->>> name=manyhome.test.ex address=10.250.104.29
->>> name=manyhome.test.ex address=10.250.104.30
->>> name=manyhome.test.ex address=10.250.104.31
->>> name=manyhome.test.ex address=10.250.104.32
->>> name=manyhome.test.ex address=10.250.104.33
->>> name=manyhome.test.ex address=10.250.104.34
->>> name=manyhome.test.ex address=10.250.104.35
->>> name=manyhome.test.ex address=10.250.104.36
->>> name=manyhome.test.ex address=10.250.104.37
->>> name=manyhome.test.ex address=10.250.104.38
->>> name=manyhome.test.ex address=10.250.104.39
->>> name=manyhome.test.ex address=10.250.104.40
->>> name=manyhome.test.ex address=10.250.104.41
->>> name=manyhome.test.ex address=10.250.104.42
->>> name=manyhome.test.ex address=10.250.104.43
->>> name=manyhome.test.ex address=10.250.104.44
->>> name=manyhome.test.ex address=10.250.104.45
->>> name=manyhome.test.ex address=10.250.104.46
->>> name=manyhome.test.ex address=10.250.104.47
->>> name=manyhome.test.ex address=10.250.104.48
->>> name=manyhome.test.ex address=10.250.104.49
->>> name=manyhome.test.ex address=10.250.104.50
->>> name=manyhome.test.ex address=10.250.104.51
->>> name=manyhome.test.ex address=10.250.104.52
->>> name=manyhome.test.ex address=10.250.104.53
->>> name=manyhome.test.ex address=10.250.104.54
->>> name=manyhome.test.ex address=10.250.104.55
->>> name=manyhome.test.ex address=10.250.104.56
->>> name=manyhome.test.ex address=10.250.104.57
->>> name=manyhome.test.ex address=10.250.104.58
->>> name=manyhome.test.ex address=10.250.104.59
->>> name=manyhome.test.ex address=10.250.104.60
->>> name=manyhome.test.ex address=10.250.104.61
->>> name=manyhome.test.ex address=10.250.104.62
>>> checking addresses for manyhome.test.ex
->>> 10.250.104.0
->>> 10.250.104.1
+>>> 10.250.104.51
+>>> 10.250.104.17
>>> 10.250.104.2
->>> 10.250.104.3
->>> 10.250.104.4
->>> 10.250.104.5
->>> 10.250.104.6
->>> 10.250.104.7
+>>> 10.250.104.26
>>> 10.250.104.8
->>> 10.250.104.9
->>> 10.250.104.10
->>> 10.250.104.11
->>> 10.250.104.12
->>> 10.250.104.13
->>> 10.250.104.14
->>> 10.250.104.15
->>> 10.250.104.16
->>> 10.250.104.17
>>> 10.250.104.18
->>> 10.250.104.19
->>> 10.250.104.20
+>>> 10.250.104.25
>>> 10.250.104.21
->>> 10.250.104.22
+>>> 10.250.104.39
+>>> 10.250.104.32
+>>> 10.250.104.29
>>> 10.250.104.23
->>> 10.250.104.24
->>> 10.250.104.25
->>> 10.250.104.26
->>> 10.250.104.27
+>>> 10.250.104.43
+>>> 10.250.104.46
>>> 10.250.104.28
->>> 10.250.104.29
->>> 10.250.104.30
->>> 10.250.104.31
->>> 10.250.104.32
->>> 10.250.104.33
->>> 10.250.104.34
->>> 10.250.104.35
->>> 10.250.104.36
->>> 10.250.104.37
->>> 10.250.104.38
->>> 10.250.104.39
->>> 10.250.104.40
+>>> 10.250.104.4
>>> 10.250.104.41
+>>> 10.250.104.15
+>>> 10.250.104.14
+>>> 10.250.104.45
>>> 10.250.104.42 OK
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> looking up host name for V4NET.0.0.3
>>> IP address lookup yielded "ten-3.test.ex"
>>> alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-3.test.ex address=V4NET.0.0.3
>>> checking addresses for ten-3.test.ex
>>> V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-3-alias.test.ex address=V4NET.0.0.3
>>> checking addresses for ten-3-alias.test.ex
>>> V4NET.0.0.3 OK
>>> require: condition test succeeded in ACL "acl_V4NET_0_0"
>>> looking up host name for V4NET.99.99.96
>>> IP address lookup yielded "x.test.again.dns"
>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
>>> temporary error for host name lookup
>>> accept: condition test deferred in ACL "acl_V4NET_99_99"
LOG: H=[V4NET.99.99.96] F=<> temporarily rejected RCPT <x@y>: host lookup deferred for reverse lookup check
>>> looking up host name for V4NET.99.99.96
>>> IP address lookup yielded "x.test.again.dns"
>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
+>>> x.test.again.dns in dns_again_means_nonexist? no (option unset)
>>> temporary error for host name lookup
>>> accept: condition test succeeded in ACL "acl_V4NET_99_99"
>>> end of ACL "acl_V4NET_99_99": ACCEPT
>>> sender host name required, to match against *-2.test.ex
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in "*-2.test.ex : *-3-alias.test.ex"? no (end of list)
>>> sender host name required, to match against *-2.test.ex
>>> looking up host name for V4NET.0.0.2
>>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-2.test.ex address=V4NET.0.0.2
>>> checking addresses for ten-2.test.ex
>>> V4NET.0.0.2 OK
>>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-2.test.ex")
>>> looking up host name for V4NET.0.0.3
>>> IP address lookup yielded "ten-3.test.ex"
>>> alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-3.test.ex address=V4NET.0.0.3
>>> checking addresses for ten-3.test.ex
>>> V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-3-alias.test.ex address=V4NET.0.0.3
>>> checking addresses for ten-3-alias.test.ex
>>> V4NET.0.0.3 OK
>>> host in "*-2.test.ex : *-3-alias.test.ex"? yes (matched "*-3-alias.test.ex")
>>> sender host name required, to match against ^[^\d]+2
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in "^[^\d]+2"? no (end of list)
>>> sender host name required, to match against ^[^\d]+2
>>> looking up host name for V4NET.0.0.2
>>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-2.test.ex address=V4NET.0.0.2
>>> checking addresses for ten-2.test.ex
>>> V4NET.0.0.2 OK
>>> host in "^[^\d]+2"? yes (matched "^[^\d]+2")
>>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? no (end of list)
>>> sender host name required, to match against lsearch;TESTSUITE/aux-fixed/0064.hosts
>>> looking up host name for V4NET.0.0.2
>>> IP address lookup yielded "ten-2.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-2.test.ex address=V4NET.0.0.2
>>> checking addresses for ten-2.test.ex
>>> V4NET.0.0.2 OK
>>> host in "lsearch;TESTSUITE/aux-fixed/0064.hosts"? yes (matched "lsearch;TESTSUITE/aux-fixed/0064.hosts")
>>> sender host name required, to match against *-1.test.ex
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in "!TESTSUITE/aux-fixed/0066.nothosts : TESTSUITE/aux-var/0066.hostnets"? yes (matched "*-1.test.ex" in TESTSUITE/aux-var/0066.hostnets)
>>> sender host name required, to match against ^ten-1\.test\.ex
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in sender_unqualified_hosts? yes (matched "^ten-1\.test\.ex")
>>> verifying EHLO/HELO argument "ten-1.test.ex"
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> matched host name
>>> looking up host name for V4NET.0.0.3
>>> IP address lookup yielded "ten-3.test.ex"
>>> alias "ten-3-alias.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-3.test.ex address=V4NET.0.0.3
>>> checking addresses for ten-3.test.ex
>>> V4NET.0.0.3 OK
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-3-alias.test.ex address=V4NET.0.0.3
>>> checking addresses for ten-3-alias.test.ex
>>> V4NET.0.0.3 OK
>>> matched host name
>>> verifying EHLO/HELO argument "rhubarb"
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> getting IP address for rhubarb
>>> sender host name required, to match against *N-99.test.EX
>>> looking up host name for V4NET.0.0.99
>>> IP address lookup yielded "ten-99.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-99.test.ex address=V4NET.0.0.99
>>> checking addresses for ten-99.test.ex
>>> V4NET.0.0.99 OK
>>> host in sender_unqualified_hosts? yes (matched "*N-99.test.EX")
>>> host in host_lookup? yes (matched "0.0.0.0/0")
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in host_reject_connection? no (option unset)
DNS lookup of 90.99.99.V4NET.in-addr.arpa (PTR) succeeded
IP address lookup yielded "oneback.test.ex"
alias "host1.masq.test.ex"
-using host_fake_gethostbyname for oneback.test.ex (IPv4)
DNS lookup of oneback.test.ex (A) using fakens
DNS lookup of oneback.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
- name=oneback.test.ex address=V4NET.99.99.90
+oneback.test.ex V4NET.99.99.90 mx=-1 sort=xx
checking addresses for oneback.test.ex
+Forward DNS security status: unverified
V4NET.99.99.90 OK
-using host_fake_gethostbyname for host1.masq.test.ex (IPv4)
DNS lookup of host1.masq.test.ex (A) using fakens
DNS lookup of host1.masq.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
- name=host1.masq.test.ex address=V4NET.90.90.90
+host1.masq.test.ex V4NET.90.90.90 mx=-1 sort=xx
checking addresses for host1.masq.test.ex
+Forward DNS security status: unverified
V4NET.90.90.90
no IP address for host1.masq.test.ex matched V4NET.99.99.90
sender_fullhost = oneback.test.ex [V4NET.99.99.90]
>>> myhost.test.ex in helo_lookup_domains? yes (matched "@")
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in hosts_connection_nolog? no (option unset)
>>> [127.0.0.1] in helo_lookup_domains? yes (matched "@[]")
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in dsn_advertise_hosts? no (option unset)
>>> sender host name required, to match against *.test.ex
>>> looking up host name for V4NET.0.0.1
>>> IP address lookup yielded "ten-1.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=ten-1.test.ex address=V4NET.0.0.1
>>> checking addresses for ten-1.test.ex
>>> V4NET.0.0.1 OK
>>> host in "*.test.ex"? yes (matched "*.test.ex")
DNS lookup of 97.99.99.V4NET.in-addr.arpa (PTR) succeeded
IP address lookup yielded "x.gov.uk.test.ex"
alias "x.co.uk.test.ex"
-using host_fake_gethostbyname for x.gov.uk.test.ex (IPv4)
DNS lookup of x.gov.uk.test.ex (A) using fakens
DNS lookup of x.gov.uk.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
- name=x.gov.uk.test.ex address=V4NET.99.99.97
+x.gov.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx
checking addresses for x.gov.uk.test.ex
+Forward DNS security status: unverified
V4NET.99.99.97 OK
-using host_fake_gethostbyname for x.co.uk.test.ex (IPv4)
DNS lookup of x.co.uk.test.ex (A) using fakens
DNS lookup of x.co.uk.test.ex (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
- name=x.co.uk.test.ex address=V4NET.99.99.97
+x.co.uk.test.ex V4NET.99.99.97 mx=-1 sort=xx
checking addresses for x.co.uk.test.ex
+Forward DNS security status: unverified
V4NET.99.99.97 OK
sender_fullhost = x.gov.uk.test.ex [V4NET.99.99.97]
sender_rcvhost = x.gov.uk.test.ex ([V4NET.99.99.97] ident=CALLER)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for V6NET:1234:0005:0006:0007:0008:0abc:000d
>>> IP address lookup yielded "test3.ipv6.test.ex"
-MUNGED: ::1 will be omitted in what follows
->>> get[host|ipnode]byname[2] looked up these IP addresses:
->>> name=test3.ipv6.test.ex address=V6NET:1234:5:6:7:8:abc:d
>>> checking addresses for test3.ipv6.test.ex
>>> V6NET:1234:5:6:7:8:abc:d OK
>>> host in host_reject_connection? no (option unset)
DNS lookup of ip4-reverse.in-addr.arpa (PTR) using fakens
DNS lookup of ip4-reverse.in-addr.arpa (PTR) succeeded
IP address lookup yielded "the.local.host.name"
-using host_fake_gethostbyname for the.local.host.name (IPv4)
DNS lookup of the.local.host.name (A) using fakens
DNS lookup of the.local.host.name (A) succeeded
-MUNGED: ::1 will be omitted in what follows
-get[host|ipnode]byname[2] looked up these IP addresses:
- name=the.local.host.name address=ip4.ip4.ip4.ip4
+local host found for non-MX address
+the.local.host.name ip4.ip4.ip4.ip4 mx=-1 sort=xx
checking addresses for the.local.host.name
+Forward DNS security status: unverified
ip4.ip4.ip4.ip4 OK
sender_fullhost = the.local.host.name [ip4.ip4.ip4.ip4]
sender_rcvhost = the.local.host.name ([ip4.ip4.ip4.ip4])
git://git.exim.org / users / jgh / exim.git / commitdiff